Cryptography, in plain English, is the art of taking data, jumbling it up so it looks nothing like its original form, and being able to put it back in its original form again at some future time. To jumble up data, we take our plaintext data and encrypt it using a special value called a key. This process produces our jumbled-up data, called ciphertext. Ciphertext can travel a public medium and be sniffed by an attacker. The attacker, however, without the correct algorithm and key, can in no way decipher the message.

So right away, we know that both ends of a secure link must know two very important items: the encrypting algorithm and the key used to encrypt and decrypt the data. The problem these two parties have is obtaining the key and algorithm. They could phone each other and agree on an algorithm and key, but the phone could be tapped, which would allow the attacker to decipher the messages. Therefore, a phone call will not do. They could email the algorithm and key, but the email could be intercepted. Therefore, an email will not work. They could meet somewhere and agree on an algorithm and key in advance. But what happens if they are at opposite ends of a state or the country? This exchange obviously will pose a problem.

As you can see, the art of encryption itself is easy. Obtaining the parameters to encrypt data is difficult, which is what IPSec is all about. Ninety-five percent of IPSec deals not with encrypting data, but with securely exchanging the parameters used to encrypt data and making sure it is not modified in transit. There are certain things we want when sending data across an insecure medium:
IPSec uses various protocols and algorithms to ensure that everything in the list occurs.